Created attachment 177035
libwww-5.4.0_6.patch

- Add three patches from NetBSD pkgsrc to fix CVEs:
  CVE-2005-3183 (files/patch-Library_src_HTBound.c)
  CVE-2009-3560 (files/patch-modules_expat_xmlparse_xmlparse.c)
  CVE-2009-3720 (files/patch-modules_expat_xmltok_xmltok__impl.c)
- Add License
- Add USES=ssl
- Strip .so files (Q/A warnings)
- Regenerate old patches
- Bump PORTREVISION

[Q/A]
portlint: OK (looks fine.)
testport:
poudriere: i386, 9.3 (OK)
poudriere: amd64, 9.3 (OK)
poudriere: i386, 10.3 (OK)
poudriere: amd64, 10.3 (OK)
poudriere: i386, 11 (OK)
poudriere: amd64, 11 (OK)
poudriere: i386, 12 (OK)
poudriere: amd64, 12 (OK)

References:

CVE-2005-3183 (files/patch-Library_src_HTBound.c)
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/libwww/patches/patch-ap

CVE-2009-3560 (files/patch-modules_expat_xmlparse_xmlparse.c)
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/libwww/patches/patch-as

CVE-2009-3720 (files/patch-modules_expat_xmltok_xmltok__impl.c)
http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/www/libwww/patches/patch-ar

Hi Danilo,

thanks for working on this! I don't have time to thoroughly test or review the patch, but on a quick glance it looks good to me.

Do you want to take over as a maintainer of this port?

Thanks
Marius

@Danilo Thank you for this, great work
Thank you for both feedbacks. If it's ok for you, I can take maintainership.
Take for review. Should commit tomorrow.
A commit references this bug:

Author: junovitch
Date: Tue Nov 29 22:59:47 UTC 2016
New revision: 427403
URL: https://svnweb.freebsd.org/changeset/ports/427403

Log:
  www/libwww: address 3 security vulnerabilities; cleanup

  - Add three patches from NetBSD pkgsrc for fix CVE's:
    CVE-2005-3183 (files/patch-Library_src_HTBound.c)
    CVE-2009-3560 (files/patch-modules_expat_xmlparse_xmlparse.c)
    CVE-2009-3720 (files/patch-modules_expat_xmltok_xmltok__impl.c)
  - Add License
  - Add USES=ssl
  - Strip .so files (Q/A warnings)
  - Regenerate old patches
  - Pass MAINTAINER to submitter

  PR: 214546
  Submitted by: Danilo G. Baio <dbaio@bsd.com.br>
  Approved by: marius@nuenneri.ch (maintainer)
  Security: CVE-2009-3720
  Security: CVE-2009-3560
  Security: CVE-2005-3183
  Security: https://vuxml.FreeBSD.org/freebsd/18449f92-ab39-11e6-8011-005056925db4.html
  MFH: 2016Q4

Changes:
  head/www/libwww/Makefile
  head/www/libwww/files/patch-Library__src__HTMIMImp.c
  head/www/libwww/files/patch-Library_src_HTBound.c
  head/www/libwww/files/patch-configure
  head/www/libwww/files/patch-libwww-config.in
  head/www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c
  head/www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c

A commit references this bug:

Author: junovitch
Date: Tue Nov 29 23:00:58 UTC 2016
New revision: 427404
URL: https://svnweb.freebsd.org/changeset/ports/427404

Log:
  MFH: r427403

  www/libwww: address 3 security vulnerabilities; cleanup

  - Add three patches from NetBSD pkgsrc for fix CVE's:
    CVE-2005-3183 (files/patch-Library_src_HTBound.c)
    CVE-2009-3560 (files/patch-modules_expat_xmlparse_xmlparse.c)
    CVE-2009-3720 (files/patch-modules_expat_xmltok_xmltok__impl.c)
  - Add License
  - Add USES=ssl
  - Strip .so files (Q/A warnings)
  - Regenerate old patches
  - Pass MAINTAINER to submitter

  PR: 214546
  Submitted by: Danilo G. Baio <dbaio@bsd.com.br>
  Approved by: marius@nuenneri.ch (maintainer)
  Approved by: ports-secteam (with hat)
  Security: CVE-2009-3720
  Security: CVE-2009-3560
  Security: CVE-2005-3183
  Security: https://vuxml.FreeBSD.org/freebsd/18449f92-ab39-11e6-8011-005056925db4.html

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/libwww/Makefile
  branches/2016Q4/www/libwww/files/patch-Library__src__HTMIMImp.c
  branches/2016Q4/www/libwww/files/patch-Library_src_HTBound.c
  branches/2016Q4/www/libwww/files/patch-configure
  branches/2016Q4/www/libwww/files/patch-libwww-config.in
  branches/2016Q4/www/libwww/files/patch-modules_expat_xmlparse_xmlparse.c
  branches/2016Q4/www/libwww/files/patch-modules_expat_xmltok_xmltok__impl.c

Committed. Thanks! The only feedback is we don't do the keywords on patch files (the $FreeBSD$). Our policy is they all use the nokeywords property (try `cd www/libwww/files; svn proplist *`).